III. AMENDMENTS TO THE CLAIMS 

The following listing of claims replaces all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended) A system for automatically handling Internet Key Exchange (IKE) traffic 
in a virtual private network (VPN), comprising: 

a filter detection system for searching for IKE traffic permit filters; 

an IKE traffic enablement system for automatically allowing IKE traffic from outside the 
VPN to flow into the VPN if the IKE traffic permit filters are not detected; and 

an IKE traffic management system for managing the IKE traffic through VPN 
connections after the VPN connections have been established. 

wherein the IKE traffic is traffic using IKE protocols . 

2. (Currently Amended) The system of claim 1, wherein the filter detection system searches for 
IKE traffic permit filters on a first node within the VPN . 

3. (Currently Amended) The system of claim 2, wherein the IKE traffic enablement system 
automatically allows IKE traffic to flow between the first node and a second node that is outside 
the VPN if IKE traffic permit filters are not detected by the filter detection system. 

4. (Original) The system of claim 3, wherein the IKE traffic that flows between the first node and 
the second node establishes security associations for a VPN connection between the first node 
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and the second node. 

5. (Currently Amended) The system of claim 4, wherein the IKE traffic enablement system 
automatically allows refreshing IKE traffic to flow between the first node and the second node, 
and wherein the refreshing IKE traffic is guided outside of the VPN connection by the IKE traffic 
management system^ 

wherein the refreshing IKE traffic is used to refresh security associations . 

6. (Original) The system of claim 5, wherein the refreshing IKE traffic is secured by the first 
node and the second node. 

7. (Original) The system of claim 1, wherein the IKE traffic management system references a 
table containing entries that identify connections between nodes, IP addresses of connected 
nodes, and security associations for the VPN connections. 

8. (Currently Amended) The system of claim 7, wherein the IKE traffic management system 
guides IKE traffic^ pertaining to a nested VPN connection outside of the nested VPN connection 
in a secured mode based upon the security associations between the first node and the second 
node identified in the table. 
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9. (Currently Amended) A system for automatically handling Internet Key Exchange (IKE) traffic 
in a virtual private network (VPN), comprising: 

a filter detection system for searching for IKE traffic permit filters on a first node; 

an IKE traffic enablement system for automatically allowing IKE traffic to flow between 
the first node within the VPN and a second node that is outside the VPN if the IKE traffic permit 
filters are not detected; and 

an IKE traffic management system for managing outbound IKE traffic from the first node 
to the second node, wherein the outbound IKE traffic is guided outside of a VPN connection 
between the first node and the second node after the VPN connections have been established, 

wherein the IKE traffic is traffic using IKE protocols . 

10. (Original) The system of claim 9, wherein the IKE traffic between the first node and the 
second node establishes security associations for an outer VPN connection. 

1 1 . (Original) The system of claim 9, wherein the IKE traffic enablement system further 
automatically allows IKE traffic to flow between the first node and a remote node to establish 
security associations for a nested VPN connection between the first node and the remote node. 

12. (Currently Amended) The system of claim 11, wherein refresh IKE traffic between the first 
node and the remote node flows outside of the nested VPN connection^ 

wherein the refreshing IKE traffic is used to refresh security associations . 



10/058,954 



Page 5 of 16 



13. (Original) The system of claim 9, wherein the IKE traffic management system references a 
table to determine a proper connection through which the outbound IKE traffic from the first 
gateway node should be guided, and wherein the table contains entries that identify VPN 
connections between nodes, IP address of connected nodes, and security associations for the 
VPN connections. 

14. (Currently Amended) A method for automatically handling Internet Key Exchange (IKE) 
traffic in a virtual private network (VPN), comprising the steps of: 

searching for IKE traffic permit filters on a first node; 

automatically allowing IKE traffic from outside the VPN to flow in and out of the first 
node if the IKE traffic permit filters are not detected; and 

managing outbound IKE traffic from the first node, wherein the outbound IKE traffic is 
guided outside of a particular VPN connection to which it pertains after the VPN connection 
have been established, 

wherein the IKE traffic is traffic using IKE protocols . 

15. (Original) The method of claim 14, wherein managing step comprises the steps of: 

accessing a table to identify the particular VPN connection to which the outbound IKE 
traffic pertains; and 

routing the IKE traffic outside of the identified VPN connection. 
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16. (Original) The method of claim 15, further comprising the step of securing the IKE traffic 
flowing in and out of the first node. 

17. (Currently Amended) A method for automatically handling Internet Key Exchange (IKE) 
traffic in a virtual private network (VPN), comprising the steps of: 

searching for IKE traffic permit filters on a first node; 

automatically allowing IKE traffic to flow between the first node within the VPN and a 
second node that is outside the VPN if the IKE traffic permit filters are not detected; and 

establishing security associations between the first node and the second node for an outer 
VPN connectio n; and 

e stablishing the outer VPN connection, 

wherein the IKE traffic is traffic using IKE protocols . 

18. (Original) The method of claim 17, further comprising the step of managing outbound IKE 
traffic from the first node, wherein the outbound IKE traffic pertaining to the outer VPN 
connection is guided outside of the outer VPN connection, and wherein the outbound IKE traffic 
pertaining to a nested VPN connection between the first node and a remote node is guided 
outside of the nested VPN connection. 

19. (Original) The method of claim 18, wherein the managing step comprises the steps of: 

referencing a table that identifies VPN connections between nodes, IP addresses of 
connected nodes, and security associations for the VPN connections; 
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routing the outbound IKE traffic pertaining to the outer VPN connection outside of the 
outer VPN connection; and 

routing the outbound IKE traffic pertaining to the nested VPN connection outside of the 
nested VPN connection. 

20. (Currently Amended) A method for automatically handling Internet Key Exchange (IKE) 
traffic in a virtual private network (VPN), comprising the steps of: 
searching for IKE traffic permit filters on a first node; 

automatically allowing IKE traffic to flow between the first node within the VPN and a 
second node that is outside the VPN if the IKE traffic permit filters arc not detected; 

establishing security associations between the first node and the second node for an outer 
VPN connection; 

automatically allowing IKE traffic to flow between the first node and a remote node; 

establishing security associations between the first node and the remote node for a nested 
VPN connection within the outer VPN connection; and 

managing outbound IKE traffic from the first node, wherein the outbound IKE traffic 
pertaining to the outer VPN connection is guided outside of the outer VPN connection, and 
wherein the outbound IKE traffic pertaining to the nested VPN connection is guided outside of 
the nested VPN connection^ 

wherein the IKE traffic is traffic using IKE protocols . 
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21. (Original) The method of claim 20, further comprising the step of securing the IKE traffic 
between the first node and the remote node based upon the security associations established 
between the first node and the second node. 

22. (Original) The method of claim 20, wherein the managing step comprises the steps of: 

referencing a table that identifies VPN connections, IP addresses of connected nodes, and 
security associations for the VPN connections; 

routing the outbound IKE traffic from the first node to the second node outside of the 
outer VPN connection; and 

routing the outbound IKE traffic from the first node to the remote node outside of the 
nested VPN connection in a secured mode based upon the security associations between the first 
node and the second node identified in the table. 

23. (Currently Amended) The method of claim 20, further comprising the steps of: 

receiving an inbound IKE communication in the first node from the remote node through 
the outer VPN connection; 

creating a potential nested VPN connection entry in a table, wherein the entry identifies a 
potential nested VPN connection and IP addresses corresponding to the remote node and the first 
node; 

negotiating security associations between the remote node and the first node; 
loading the nested VPN connection between the remote node and the first node; and 
updating the table by replacing the potential VPN connection entry with the nested VPN 
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connection entry . 



24. (Currently Amended) A program product stored on a recordable medium for automatically 
handling Internet Key Exchange (IKE) traffic in a virtual private network (VPN), which when 
executed, comprises: 

program code configured to search for IKE traffic permit filters; 

program code configured to automatically allow IKE traffic from outside the VPN to flow 
into the VPN if the IKE traffic permit filters are not detected; and 

program code configured to manage the IKE traffic through VPN connectionSi 
wherein the IKE traffic is traffic using IKE protocols . 

25. (Original) The program product of claim 24, wherein the IKE traffic permit filters are 
searched for on a first node. 

26. (Original) The program product of claim 25, wherein the IKE traffic is automatically allowed 
to flow between the first node and a second node if IKE traffic permit filters are not detected. 

27. (Original) The program product of claim 26, wherein the IKE traffic that flows between the 
first node and the second node establishes security associations for a VPN connection between 
the first node and the second node. 

28. (Currently Amended) The program product of claim 27, wherein IKE refreshing traffic is 
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automatically allowed to flow between the first node and the second node outside of the VPN 
connection 

wherein the refreshing IKE traffic is used to refresh security associations . 

29. (Original) The program product of claim 28, wherein the refreshing IKE traffic is secured by 
the first node and the second node. 

30. (Original) The program product of claim 24, wherein the IKE traffic for VPN connections is 
managed based upon a table containing entries that identify connections between nodes, IP 
addresses of connected nodes, and security associations for the VPN connections. 

3 1 . (Original) The program product of claim 30, wherein the IKE traffic pertaining to a nested 
VPN connection is guided outside of the nested VPN connection in a secured mode based upon 
the security associations between the first node and the second node identified in the table. 
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